[csw-maintainers] The minimal version of gnupg

Philip Brown phil at bolthole.com
Thu Oct 21 18:31:29 CEST 2010

On Tue, Oct 19, 2010 at 2:58 PM, Maciej (Matchek) Blizinski
<maciej at opencsw.org> wrote:
> No dia 19 de Outubro de 2010 19:18, Philip Brown <ph....
>> It is supposed to avoid dependancies such as openldap_rt.
>> In theory, even things like the curl_rt, since that itself, also pulls
>> in openldap_rt.
>> And that pulls in sasl. and openssl....
> This sounds like a problem stemming from the lack of package
> granularity; the libraries alone don't constitute that much of a
> problem, I'd say.  If openldap_rt depended only on shared libraries
> from sasl, dependencies wouldn't be that prominent.
>> Since gnupg is useful in the core of what we do: (pkg-get and pkgutil
>> both use it), I think it is beneficial to our users to provide a
>> "minimal" package of it, so as to minimize the number of required
>> packages to install, before using our package transfer mechanisms
>> securely.
> If that's the goal, we could even embed the minimal gpg in the
> pkg-get/pkgutil packages the same way wget is embedded there.

first of all: pkg-get does not embed wget. it's a pure script only.

secondly: to avoid pulling in sasl, and openssl, is not fixed by
package granularity. we'd have to create separate versions of openldap
that did not use sasl. and I cant see putting together an openldap
version without openssl, that doesnt make much sense.
It makes more sense to trim the dependencies at the "gpg_minimal" level.
gpg is, in principle, a "local file operation only" utility, that got
extended. if all you want is the "local file only" stuff, all those
other libs are just useless junk.

More information about the maintainers mailing list